Learning DFA representations of HTTP for protecting web applications

Ingham, Kenneth L.; Somayaji, Anil; Burge, John; Forrest, Stephanie

doi:10.1016/j.comnet.2006.09.016

Cited by 73 publications

(45 citation statements)

References 36 publications

(54 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For some of the six algorithms, we also consider them in isolation. We also implemented the character distribution metric described by Wang and Stolfo [23], and the DFA induction and n-grams described by Ingham et al and Ingham [33,32].…”

Section: Algorithmsmentioning

confidence: 99%

“…The algorithm does not require negative examples. This algorithm is described in detail by Ingham et al [33].…”

Section: Algorithmsmentioning

confidence: 99%

“…The data types that are checked for valid form are host names, IP addresses, dates, various hash values (PHP session IDs, HTTP entity tags, etc), floating point numbers (HTTP q-values), and email addresses. Ingham and Ingham et al provide a detailed description of these heuristics in [32,33].…”

Section: Algorithmsmentioning

confidence: 99%

“…Generalization occurs in the DFA generation described in [33]. It also occurs when one or more "missed tokens" are allowed.…”

Section: Dfamentioning

confidence: 99%

See 3 more Smart Citations

Comparing Anomaly Detection Techniques for HTTP

Ingham

Inoue

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Much data access occurs via HTTP, which is becoming a universal transport protocol. Because of this, it has become a common exploit target and several HTTP specific IDSs have been proposed as a response. However, each IDS is developed and tested independently, and direct comparisons are difficult. We describe a framework for testing IDS algorithms, and apply it to several proposed anomaly detection algorithms, testing using identical data and test environment. The results show serious limitations in all approaches, and we make predictions about requirements for successful anomaly detection approaches used to protect web servers.

show abstract

Section: Algorithmsmentioning

confidence: 99%

“…The algorithm does not require negative examples. This algorithm is described in detail by Ingham et al [33].…”

Section: Algorithmsmentioning

confidence: 99%

Section: Algorithmsmentioning

confidence: 99%

“…Generalization occurs in the DFA generation described in [33]. It also occurs when one or more "missed tokens" are allowed.…”

Section: Dfamentioning

confidence: 99%

See 2 more Smart Citations

Comparing Anomaly Detection Techniques for HTTP

Ingham

Inoue

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Ingham et al [22] use a deterministic finite automaton (DFA) to build a profile of legal HTTP requests. It works by tokenizing HTTP request parameters, and storing each token type and (optionally) its value.…”

Section: Related Workmentioning

confidence: 99%

Boosting Web Intrusion Detection Systems by Inferring Positive Signatures

Bolzoni

Etalle

2008

On the Move to Meaningful Internet Systems: OTM 2008

View full text Add to dashboard Cite

Abstract. We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the "regular" and the "irregular" ones, and applying a new method for anomaly detection on the "regular" ones based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives as well as needing a shorter training period.

show abstract

Intelligent Security of Computer Networks

Semmoud¹,

Benmammar²

2021

Intelligent Network Management and Control

View full text Add to dashboard Cite

Learning DFA representations of HTTP for protecting web applications

Cited by 73 publications

References 36 publications

Comparing Anomaly Detection Techniques for HTTP

Comparing Anomaly Detection Techniques for HTTP

Boosting Web Intrusion Detection Systems by Inferring Positive Signatures

Intelligent Security of Computer Networks

Contact Info

Product

Resources

About